Query parameter signing
Sign your URL query parameters
Your signature helps prove authenticity, and by adding a signature to your URL, this helps prevent imposters pretending to be you.
How to generate a signature
Compute a hash-based authentication code (HMAC) with a SHA-256 hash function. Use your private key as the key and address as input.
Be sure to always generate signatures from your server side application and never from the client as it would leak the private key.
Examples
Signing walletAddress
import crypto from "crypto";
const url = 'https://blockchain.com/pay/widget'
const walletAddress = "address";
const walletAddressSignature = crypto
.createHmac("sha256", "secret-api-key")
.update(walletAddress)
.digest("hex");
const finalUrl = `${url}?walletAddress=${walletAddress}&walletAddressSignature=${walletAddressSignature}`
Signing redirectUrl
import crypto from "crypto";
const url = 'https://blockchain.com/pay/widget'
const redirectUrl = "https://example.com/?additionalParam=data";
const encodedRedirectUrl = encodeURIComponent(redirectUrl);
const redirectUrlSignature = crypto
.createHmac("sha256", "secret-api-key")
.update(encodedRedirectUrl)
.digest("hex");
const finalUrl = `${url}?redirectUrl=${encodedRedirectUrl}&redirectUrlSignature=${redirectUrlSignature}`
Last updated